Hackers are more unscrupulous than ever. At the end of January, they even attacked In the Street. The aid organization for homeless youth even paid a ransom to recover its data, which had been rendered unreadable.
In the Street, founded in 1988 by Father Emmett “Pops” Johns, learned on 4 February that hackers had infiltrated its network and encrypted its contents.
“We negotiated the amount down because it is a non-profit organization. It has been a victim; we had no choice, to recover our data,” says In the Street's director-general, Cécile Arbaud. She refuses to disclose the amount paid to the hackers.
Data for up to 250 people
By infiltrating the network, they were able to access the personal information of 257 employees and ex-employees, according to a letter sent by the organization and obtained by our Bureau of investigation.
The compromised information includes their addresses, dates of birth, social insurance numbers, banking information and the names of their emergency contacts.
In the Street says, however, that it has “no confirmation” that the hackers actually accessed the data.
To prevent fraud using this information, the organization is offering the people concerned a year of protection against identity theft with TransUnion.
Three months of silence
Our Bureau of investigation reached a former employee whose data was compromised. He regrets that the organization was slow to warn them.
“We realized that on February 4, and the communication came only on 11 May, three months later!” says the ex-employee, who wants to remain anonymous to protect his career.
Good practice instead calls for disclosing a leak within three days, as required by the General Data Protection Regulation (GDPR) in Europe, for example.
Why wait so long? “We got the results of the investigation in the middle of the COVID crisis. So we did it quickly,” says Cécile Arbaud.
The decision to pay the ransom is not ideal, in the view of Damien Bancal, director of cyberintelligence at 8Brains.
Playing the hackers' game
“It means that we can make a contract on a crime, and it means accepting that the hackers continue!” he laments.
It also means that In the Street did not have viable backups of the encrypted information, notes the hacker hunter.
The attackers were able to access the information “between 23 January and 4 February 2020”, which is a period of 12 days, according to In the Street.
Cécile Arbaud maintains, however, that they only encrypted the organization's data, without stealing it.
“The information is not in the hands of the hackers,” she says.
Information security expert Steve Waterhouse is skeptical. “I don’t really know how they can know that it has not been copied,” he said.
The director did not want to give details about this.
Ransomware for rent
- The ransomware that struck In the Street, “Zeppelin” or “Buran”, is of Russian design.
- It has been available to the “general public” for at least a year.
- The hackers who originally coded it put it on the market for other cybercriminals, who target their own victims by “renting” the technology.
► Do you have information? Contact Hugo Joncas at 438-396-5546 (Signal, cell) or email@example.com.